Magnus Tan
Reputation: 57
Trying to decrypt a file with AES but get error: Padding is incorrect
I am given this code that encrypts a string "flag".
from Crypto.Util.number import getPrime
from Crypto.Util.Padding import pad, unpad
from Crypto.Cipher import AES
import hashlib
prime = getPrime(1024)
privkey = random.randint(2, prime - 1)
key = pow(2, privkey, prime)
sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
pt = cipher.encrypt(pad(flag, 16)).hex()
print(f"[+] This encrypted flag : {pt}")
And I am told to decrypt the encrypted string to get the original string. I am given the values for the encrypted flag and key plus the values for prime and private key (privkey) in hexadecimal. I tried to use those values to decrypt the flag like so:
flag = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"
prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)
privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001", 16)
key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304
sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
ct = unpad(cipher.decrypt(bytes.fromhex(flag)), 16)
print(f"[+] This decrypted flag : {ct}")
But this doesn't seem to work since I keep getting
ValueError: Padding is incorrect.
Which part am I doing incorrectly?
Edit: Description of privkey:
Upvotes: 2
Views: 1176
Answers (1)
Topaco
Reputation: 49390
The problem is not the decryption code, but an incomplete key privkey.
The description of the key in the screenshot as privkey leaked together with the two trailing underscores and the information that this is a challenge from a hackathon made me suspect that the key is incomplete, needs to be supplemented by two hex digits, and the full key is to be determined.
This assumption is confirmed if a byte is added to the end of the key whose value runs in a loop from 0 to 255, and PKCS#7 padding is used as criterion for a successful decryption. If this is done, the result is the plaintext:
CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}
and the privkey:
3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6
i.e. 0xd6 as final byte
Full code:
from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
import hashlib
prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)
privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca1108000100", 16)
key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304
ct = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"
for val in range(255):
sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
try:
ptPadded = cipher.decrypt(bytes.fromhex(ct))
pt = unpad(ptPadded, 16)
print(f"[+] This decrypted flag (padded) : {ptPadded}")
print(f"[+] This decrypted flag (unpadded) : {pt}")
print(f"[+] This decrypted flag (UTF8 decoded): {pt.decode('utf8')}")
print(f"[+] privkey (hex) : {(privkey).to_bytes(128, byteorder='big').hex()}")
except:
pass
privkey += 1
Output:
[+] This decrypted flag (padded) : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n\x06\x06\x06\x06\x06\x06'
[+] This decrypted flag (unpadded) : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n'
[+] This decrypted flag (UTF8 decoded): CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}
[+] privkey (hex) : 3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6
Upvotes: 3
Related Questions
- Padding is incorrect. AES Python encryption
- AES won't decrypt properly
- can somebody tell me what went wrong, when I am trying to decrypt the ciphertext that I encrypted, it tells me that my padding is incorrect
- Encrypt file in python with aes
- ValueError: Invalid padding bytes when decrypting with AES256
- python aes encrypt/decrypt does not return the same results
- Decryption issue in python using AES algorithm
- AES Decryption doesn't work
- Encrypt File using AES and PyCrypto in Python 3
- AES encryption of files with Python